formats

Welcome to News & Events

Published on December 20, 2011, by in Industry News.

Welcome to The Fraud Practice’s FraudBlog; your source for updates on current events, commentary and best practices related to the eCommerce CNP payments and fraud industry.

Be sure to signup to see all of our content to include our free monthly FraudBlog Newsletter.

 
formats

In-Store Mobile Payments Forecasted to Reach $54 Billion by 2019, Online Mobile Payment Volume Will be Three Times Larger

Javelin estimates that the mobile payment volume for in-store purchases in the U.S. will grow more than tenfold, from $4 billion in 2014 to $54 billion in 2019. However, its mCommerce transactions, those made online either via mobile web browsers or apps, that dominate consumer mobile payments in the U.S. today, representing 95 percent of the total mobile payment volume. Although not growing as rapidly as mobile contactless payments, mCommerce is forecasted to more than double by 2019, when it will then make up three-quarters of the total U.S. mobile payment volume.

Mobile commerce is growing at a torrid pace as consumers in the U.S. and worldwide continue to spend more from their mobile devices, both online and in-store. When it comes to measuring the mobile payment volume it is important to differentiate in-store mobile contactless payments from online mCommerce, just as we track Customer Present and Customer Not Present payments separately. Javelin Strategy and Research estimates that the total U.S. consumer mobile payment volume reached $79.8 billion in 2014 and they forecast this to increase to $217.4 billion by 2019. However, online and multi-channel merchants should be taking a closer look to see how this breaks down for in-store versus mCommerce mobile payments, and also mobile browser versus app payments, to gain a more complete picture in terms of where to invest and allocate resources.

Read More

 
formats

Study Finds Significant In-App Theft and Click Fraud in the Mobile Channel

Examining millions of in-app transactions and billions of in-app clicks over the first five months of the year, a recent study from Apsalar estimated an in-app transaction fraud rate of nearly 7.5 for virtual goods and an in-app click fraud rate of more than 2.5 globally, meaning for every legitimate click or transaction there were this many that were fraudulent or unexplained.

Apsalar, an omni-channel data management platform, examined over 200 million in-app transactions for virtual goods and over 10 billion in-app clicks occurring between January and May 2015 for fraud. The study sought to quantify the level of click fraud in the mobile channel by measuring the click-to-install fraud rate and in-app purchase fraud rate across countries and worldwide.

Read More

 
formats

Apple Pay Launches in the United Kingdom with 8 Banks and 250,000 Merchant Locations On Board

On July 14th, about nine months after its release in the United States, Apple Pay became available in a second market, the United Kingdom. At the time of launch about 70 percent of all UK-issued credit and debit cards could be used with Apple Pay, and with a higher penetration rate of NFC payment terminals in the UK, Apple Pay adoption could soon surpass that in the United States, despite the US’ head start.

Consumers in the UK who want to use Apple Pay should have plenty of opportunities to do so. With a higher adoption of contactless payments and NFC enabled payment terminals, more than 250,000 merchant locations were equipped and ready to accept Apple Pay once it went live in the United Kingdom. In addition to several major fast food, drugstore and supermarket chains, consumers will be able to use Apple Pay for public transit in London as subway, bus and rail network fares can be purchased with the NFC mobile payment service.

Read More

 
formats

American Express Leverages Cardholder Online Login Information for Faster Online and Mobile Purchases with Amex Express Checkout

Following Visa Checkout and MasterPass, American Express launched their new Amex Express Checkout service in July, but doesn’t want it to be labeled a wallet. Cardholders that login to view or pay statements online can use the same user ID and password to submit payments online via PCs, mobile web browsers and mobile apps, and American Express will provide the merchant with a token to process payment.

Like Visa and MasterCard, American Express is taking measures to make it as easy as possible for their cardholders to use Amex cards for online transactions, especially when coming from mobile devices. Digital wallets like PayPal expedite checkout by allowing a user to login with a username and password rather than type in a 16-digit credit card number, billing address, shipping address and other information. The two largest card associations launched Visa Checkout and MasterPass to offer this convenience, and while American Express is following suit there are some similarities and differences between the other card association wallets.

Read More

 
formats

First Data Acquires Digital Gift Card Distributor Transaction Wireless Inc.

Less than one year after the acquisition of digital gift card platform Gyft in 2014, First Data announced the acquisition of Transaction Wireless Inc., who provides open and closed loop prepaid and store-branded digital gift card management, on July 14th. Financial terms were not disclosed for either acquisition.

The acquisition of Transaction Wireless increases First Data’s capabilities and services offerings related to digital gift cards and reloadable prepaid cards. Whereas Gyft is a platform for purchasing digital gift cards the latest acquisition provides First Data with the ability to distribute digital cards for merchants and offer more services in terms of digital gift card and prepaid card management.

Read More

 
formats

Dyre Malware Picks Up Where Zeus Left Off

Since the takedown of the Zeus botnet in June 2014 fraudsters have moved to a new malware of choice, known as Dyre, which also seeks to obtain online banking credentials by mimicking hundreds of different financial institutions worldwide, including 70 in the United States. The malware can infect IE, Chrome and Firefox users, and infections continue to grow, particularly in the U.S. and Europe.

The Dyre malware is primarily spread via spam emails containing a malicious attachment. Often these are made to look like fax or voicemail messages, but take the user to download a reconnaissance downloader tool known as Updatre, which was also used with the Gameover Zeus malware. Security firm Symantec first detected the Dyre malware in June 2014 following the shutdown of the Gameover Zeus Botnet. Detections of the Dyre malware spiked two months later in August and has continued at increased levels since. According to Trend Micro there were 9,000 Dyre infections in Q1 2015, up from 4,000 in Q4 2014. Over 39 percent of these infections came from users in Europe while 38 percent occurred in North America during Q1 2015.

Read More

 
formats

Most U.S. Merchants Will Not Make EMV Deadline and Less than Half of Small Businesses Have Any Plans To

According to a recent report from Javelin Strategy & Research, up to 75 percent of merchants in the United States will not be EMV compliant by the October 15th deadline. Many major retailers have already started implementing EMV terminals but smaller merchants are much further behind and many have no plans to catch up. A survey commissioned by Intuit in late April found that only 42 percent of small businesses plan to make the switch to EMV.

At the end of 2014 the EMV adoption rate among U.S. merchants was 7.3 percent. As many large retailers have invested in upgrading their payment terminals this figure has climbed in the first half of 2015, but only about one-in-four merchants are expected to be EMV compliant by the liability shift date, according to Javelin. Javelin also estimates that the total cost to upgrade to EMV will be $8.7 billion across merchants and financial institutions. While many large and enterprise organizations have already started this transition, there are several signs that smaller merchants and issuers are lagging behind.

Read More

 
formats

MasterCard Forms New Partnerships to Proliferate Use of Tokens

MasterCard seeks to solidify their place as a premier token service provider as they recently formed partnerships with Synchrony Financial and Citi Retail Services to support tokenization for several private label payment cards. The card association also announced plans to expand token services for mobile and eCommerce merchants with recurring billing and card-on-file programs.

These issuer-based tokens are what are used with Apple Pay, Android Pay and Samsung Pay. The merchant never receives the actual payment card information, and neither does their processor. Rather they are provided with a token which the card association can connect to the card issuer for authorization, and as a result the merchant can receive an authorizations response and process the transaction without needing to possess or transmit the 16 digit Primary Account Number (PAN).

Read More

 
formats

Taxpayer Data Stolen from IRS Used to File Up to $39 Million in Fraudulent Returns

Published on June 25, 2015, by in Data Breach.

Between February and May fraudsters used compromised consumer information to obtain more detailed tax payer data via the IRS’s “get transcripts” web service for consumers. The IRS estimates there were 200,000 unauthorized attempts or lookups to gain access to copies of previous year tax returns, more than half of which were successful, leading to as much as $39 million in fraudulently claimed tax refunds.

The IRS has taken measures to make tax information more accessible to legitimate taxpayers, but fraudsters will try to take advantage of these features and services as well. IRS Inspector General J. Russell George led an audit of the IRS’ interactive computer applications in March which identified many areas in which the IRS “could better protect taxpayer data.” The audit included 44 recommendations which have not yet been implemented.

Read More

 
formats

Samsung Disables Windows Updates Leaving PCs Vulnerable

Many Samsung laptop users have recently found, or may still be unaware, that software from Samsung is disabling Microsoft’s automatic Windows Updates, leaving these devices susceptible to attacks and vulnerabilities that may have been preventable. Even if users disable the Samsung software and manually turn Windows Updates back on, the computer will revert back to blocking Windows Updates once it is rebooted.

Disabling Windows Updates, or at least attempting to, is a fairly common tactic across many types of malware. This prevents the user from being prompted or automatically having updates and patches installed that will reduce the infected machine’s vulnerability to this and other strands of malware. Samsung, however, may be the first legitimate hardware manufacturer to intentionally disable Windows Updates.

Read More

 
© The Fraud Practice LLC 2012